Usability vs. Security.


The clashes of the titans — 
Can they live together? 


Alon Kiriati 
Yandex 


Google: Are there available tickets for Scotland vs. Ukraine? 


SCOTLAND TICKETS 


> Scotland > Supporters&Tickets > Scotland Tickets 


/ Membership / Newsletter 


BUY SCOTLAND TICKETS 


Keep up to date with the latest ticketing news via Scotland National Team Twitter and 
Scotland National Team Facebook. 


Ticket Office 


Scotland v Ukraine 


F.I.F.A. World Cup Play-off | A Squad 


24/03/2022, 7:45pm, Glasgow 


BUY ONLINE 


MENS 'A' HOME 
GAMES 


SCOTLAND MEN'S NATIONAL FOOTBALL TEAM Find home tickets for upcoming Scotland Men's 


National Football Team. 


HOME MATCH PACKAGE 2022 


Home Match Package 2022: Thursday, 24 March, 2022 - Friday, 23 September, 2022 


CAN I BUY THIS PRODUCT? 
You need to have purchased or have in your basket Scotland Supporters Club 2020-2021 before buying this! 


IMPORTANT INFORMATION 


Package Includes - 
*FIFA World Cup Play Off - Scotland v Ukraine 
*UEFA Nations League - Scotland v Armenia 
*UEFA Nations League - Scotland v Ukraine 
*UEFA Nations League - Scotland v Republic of Ireland 


PERSONAL DETAILS (WHO THE MEMBERSHIP IS FOR) 


Title* 
Forename* 
Surname* 
Date of Birth* 
Email* 


REGISTER NEW ACCOUNT 


If you are a new customer who has never purchased tickets from The Scottish FA before, please click the “Register New Account” button and register online now. 


PASSWORD 


(Passwords need be 8-64 characters long and contain 1 upper case letter, 3 lower case letters, 1 number and 1 special character e.g !@#£%) 


Password* 
Confirm Password* 


IS IT STILL 1990? 


2% 


98% 


https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/the-password-is-slowly-becoming-extinct.aspx 


DATA BREACHES 


2.18 


https://en.wikipedia.org/wiki/List_of_data_breaches 


IF IT HAPPENED TO THEM, IT CAN HAPPEN TO YOU 


2020 / 200M users 
2019 / 540M users 
2019 / 250M users 
2017 / 57M users 
2012 / 12M users 
2013 / 4.7M users 


https://en.wikipedia.org/wiki/List_of_data_breaches 


YOUR LAST LINE OF PROTECTION 


a3N ^ 95967*xR 


UX / SECURITY TRADEOFFS 


#1 BUILD 


Where You're Logged In 
Messenger - 5 hours ago 
See More 


Login 
Change password: It's a good idea to use a strong password that you're not using elsewhere 
Save your login info (On): It will only be saved on the browsers and devices you choose 


Two-factor authentication 
Use two-factor authentication: We'll ask for a login code if we notice an attempted login from an unrecognized device or browser. 
Authorized Logins: Review a list of devices where you won't have to use a login code 


Setting Up Extra Security 
Get alerts about unrecognized logins (On): We'll let you know if anyone logs in from a device or browser you don't usually use 
Choose 3 to 5 friends to contact if you get locked out: Your trusted contacts can send a code and URL from Facebook to help you log back in 


Advanced 
Encrypted notification emails: Add extra security to notification emails from Facebook (only you can decrypt these emails) 
See recent emails from Facebook: See a list of emails we sent you recently, including emails about security 


#1 BUILD 


Logins 
Password estimation 
2-factor authentication 


Device/web control 
Connected Devices 


Web Sessions 


Recovery 
Recovery mail 


Recovery codes 


Sessions control 
Sign-in every X days 
Idle time 


Alerts 
New sign-ins 
Suspicious activity 


Data control 
3rd party apps 
Encryption method 


#1 BUILD 


Security 


Require that all meetings are secured with one security option 


Require that all meetings are secured with one of the following security options: a passcode, Waiting Room, or 
"Only authenticated users can join meetings”. If no security option is enabled, Zoom will secure all meetings with 
Waiting Room. Learn more 


Waiting Room 


When participants join a meeting, place them in a waiting room and require the host to admit them individually. 
Enabling the waiting room automatically disables the setting for allowing participants to join before host. 


Waiting Room Options 
The options you select here apply to meetings hosted by users who turned 'Waiting Room' on 


Users who are not in your account and not part of your whitelisted domains will go in the waiting room 


Host, co-hosts, and anyone who bypassed the waiting room (only if host and co-hosts are not present) can admit participants from the waiting room 


Edit Options    Customize Waiting Room 


Require a passcode when scheduling new meetings 


A passcode will be generated when scheduling a meeting and participants require the passcode to join the meeting. The Personal Meeting ID (PMI) meetings are not included. 


Require a passcode for instant meetings 


A random passcode will be generated when starting an instant meeting 


Require a passcode for Personal Meeting ID (PMI) 
Require a passcode for Personal Audio Conference 


Require passcode for participants joining by phone 


#2 SET ENFORCEMENT LEVEL 


Password 


To continue, first verify it's you 


Enter your password 


[ ] Show password 


Forgot password? 


Passwords must be at least 6 characters. 


Weak password 


Google 


2-Step Verification 


Password 


That password is too easy to guess. Learn more 


#3 ENCOURAGE 




Take a minute to ensure you're keeping your Dropbox account protected. 
Currently reviewing your Dropbox Dropbox. Switch to Personal Dropbox. 


Verify email 


A current email address makes it easy to get back into your account if you ever forget your password. 


о your current email? 


Contact your team admin to change your email 


Review devices and browsers 


Review linked apps 


Ensure your password is secure 


Review two-step verification settings 


Try a password manager 


Security Check-up 


9 issues found 


Your devices 
Fix 7 issues with your devices 


Recent security events 
Review 1 critical event 


Third-party access 
Review app passwords 


2-Step Verification 
2-Step Verification is on 


Password Checkup 
Check your 71 saved passwords for security issues 


How to keep your account secure 


You're all set. No security actions are recommended at this time. 


Your password is OK 
Turn on two-factor authentication 
Login alerts are on 


#4 DELEGATE (B2B) 


Settings > Two-step verification 


Two-step verification 
Require an additional layer of security when signing in, like a key or code. More about two-step verification 


Optional: Members can use two-step verification if they like 
Required: Members must use two-step verification 


Optional for specific members 
Make enabling two-step verification optional for some members—even when it's required for the team. 


#4 DELEGATE (B2B) 


Settings > Device approvals 


Computers: Unlimited 
How many computers can each member connect to Dropbox through the Dropbox desktop app? 


Mobile devices 
How many phones and tablets can each member connect to Dropbox through Dropbox mobile apps? 


Disconnected devices 
What should happen when a member disconnects a computer or mobile device? 


Device overages 


#4 DELEGATE (B2B) 


Settings > Web session control 


Web session control 
Set how long members can stay signed in to dropbox.com. They'll automatically be signed out when the session expires. Learn more 


Fixed session length: 1 month 
Set how long members can stay signed in to dropbox.com. 


Idle session length: 1 week 
Set how long members can be idle for while signed in to dropbox.com. 


ADMIN CONTROL - OUR COMPETITORS 


Password Requirements 


Character settings: 
Minimum required characters: 8 
Require number(s) 
Require special character(s) 
Require at least one uppercase letter 
Prevent common words / email address as a password 


Password resets: 
Require users to reset passwords every: 
Prevent reusing passwords from: Last ... times 


Perform a global password reset now. 
All users and admins will be required to change their password on next login. 


Reset Passwords Now 


d WAYS 


I want to have the same password controls as your competitors 


I want to force my users to use long passwords with special characters, numbers, etc. 


I want more control over my users' passwords 


I want them to use strong passwords 


I want to reduce the risk of account hijacking 


I want my team's files to be safe 


WHICH PASSWORD IS BETTER? 


Tr0ub4dor&3 


bluegiraffeplaysball 


Google: Whats considered to be a good password 


A strong password consists of at least six characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. 


6+ characters 
MiXed CaSE 
numb3rs 
special ch@r@cters! 


LET'S COMPARE 


numb3rs 


ch@r@cte 


[Cartoon, BIZARROCOMICS.COM: "Your username or password are incorrect."] 


Hard to guess 


Easy to remember 


HARD TO GUESS 


# of guesses required 
to crack the password 


NAIVE ESTIMATION 


guesses = cardinality ^ length 


Cardinality abc ОБЕ abctABC+123+@S% 
Guesses — vxcbli - d%ac3? 


1000/sec. 215 days — £140 years 


length 


cardinality 


We're humans 


Not robots 


HARDER TO GUESS 


common 


550 years 


EASY TO REMEMBER 


TrOmbone?3 
TroubadOr?3 


TrOubador?3 


TrOubAdOr!3 


TrOubadOr?3 
TrOub4d0r&3 


O 


BIGGEST SITES ESTIMATIONS 


password 123456! 


Create a password 


Password strength: Strong 


Use at least 8 characters. Don't use a password from another site, or something too obvious like your pet's name. Why? 


Confirm your password 


Password strength: Strong 


Your password must have: 
8 or more characters 
Upper & lowercase letters 
At least one number 


Strength: strong 


IF WE ONLY HAD A TOOL 


Password to test: [passwords] Senn 


password: 123456: 


pattern: dictionary pattern: dictionary pattern: dictionary 
token: password token: 123456 


token: |! 
rank: 1 rank: 2 rank: 2 
entropy: 0 


entropy: 1 133t entropy: 1 
entropy: 2 


zxcvbn 


HOW TO USE 


$ npm install zxcvbn 
$ node 
> var zxcvbn = require('zxcvbn'); 
> zxcvbn('Tr0ub4dour&3'); 
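
An added sketch (not code from the talk or from zxcvbn) contrasting the naive cardinality ^ length estimate with a dictionary-aware estimate in the spirit of the token/rank breakdown shown above. COMMON is a constructed five-word sample list, and all function names are hypothetical.

```javascript
// Constructed, ranked sample list (rank 1 = most common). Not zxcvbn's data.
const COMMON = ['password', '123456', 'qwerty', 'letmein', 'dragon'];

// Size of the character pool the password appears to draw from.
function cardinality(pw) {
  let c = 0;
  if (/[a-z]/.test(pw)) c += 26;
  if (/[A-Z]/.test(pw)) c += 26;
  if (/[0-9]/.test(pw)) c += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) c += 33; // printable ASCII symbols incl. space
  return c;
}

// Naive model: guesses = cardinality ^ length (returned as log10).
function naiveLog10Guesses(pw) {
  return pw.length * Math.log10(cardinality(pw) || 1);
}

// Pattern-aware model: cheapest way to cover the password with dictionary
// tokens (cost = rank) and brute-forced single characters (cost = cardinality).
function patternLog10Guesses(pw) {
  const lower = pw.toLowerCase();
  const perChar = Math.log10(cardinality(pw) || 1);
  const best = new Array(pw.length + 1).fill(Infinity);
  best[0] = 0;
  for (let i = 0; i < pw.length; i++) {
    best[i + 1] = Math.min(best[i + 1], best[i] + perChar);
    COMMON.forEach((word, idx) => {
      if (lower.startsWith(word, i)) {
        const j = i + word.length;
        best[j] = Math.min(best[j], best[i] + Math.log10(idx + 1));
      }
    });
  }
  return best[pw.length];
}

// Years needed to exhaust the guess space at a given online guessing rate.
function yearsAt(log10Guesses, guessesPerSec = 1000) {
  return Math.pow(10, log10Guesses) / guessesPerSec / (365 * 24 * 3600);
}

for (const pw of ['password123456!', 'bluegiraffeplaysball']) {
  const n = naiveLog10Guesses(pw), p = patternLog10Guesses(pw);
  console.log(pw, 'naive 10^' + n.toFixed(1), 'pattern 10^' + p.toFixed(1),
              'years at 1000/s:', yearsAt(p).toExponential(1));
}
```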


FAST & LIGHT 


SECURITY 


Father of passwords regrets the advice he gave 


Commentary: Bill Burr thought he gave the right advice about password creation. He's decided he was wrong. 


USA TODAY 


Password expert says he was wrong: Numbers, capital letters and symbols are useless 


Forget Everything You Know About Passwords, Says Man Who Made Password Rules 


The Telegraph 


Password guru who told the world to make them complicated admits: I got it completely wrong 


SECURITY 


RECOMMENDATION UPDATE - NIST 


No password hints 
Knowledge-based authentication (KBA) is out. 
No more expiration without reason 
No composition rules 


National Institute of Standards and Technology 


ADMIN CONTROL - OUR COMPETITORS 


Password Requirements 


Character settings: 
Minimum required characters: 8 
Require number(s): 2 
Require special character(s) 
Require at least one uppercase letter 
Prevent common words / email address as a password 


Password resets: 
Require users to reset passwords every: 
Prevent reusing passwords from: Last ... times 


Perform a global password reset now. 
All users and admins will be required to change their password on next login. 


Reset Passwords Now 


Password strength 
Require your team to set stronger passwords on their Dropbox accounts. 


Strong 


Fast 
Simple 
Powerful 


FINDING THE BALANCE 


Decide Encourage Delegate 


PASSWORD ESTIMATION 


SECURITY VS. UX 


THANK YOU 


Tr0ub4dor&3 
CAPS? / COMMON SUBSTITUTIONS / NUMERAL / PUNCTUATION 


2^28 = 3 DAYS AT 1000 GUESSES/SEC 
(PLAUSIBLE ATTACK ON A WEAK REMOTE WEB SERVICE. YES, CRACKING A STOLEN HASH IS FASTER, BUT IT'S NOT WHAT THE AVERAGE USER SHOULD WORRY ABOUT.) 


DIFFICULTY TO REMEMBER: 
IT TROMBONE? 
THE Os WAS A ZERO? 
AND THERE WAS SOME SYMBOL... 


correct horse battery staple 
FOUR RANDOM COMMON WORDS 


~44 BITS OF ENTROPY 
1000 GUESSES/SEC 


DIFFICULTY TO GUESS: HARD 


DIFFICULTY TO REMEMBER: YOU'VE ALREADY MEMORIZED IT 


THROUGH 20 YEARS OF EFFORT, WE'VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS. 


Dan Wheeler 
dropbox / zxcvbn 


THANK YOU 


Leave your feedback! You 
me what you've liked and 


what can be improved :) 